search

Thinkmill / manypkg

☔️ An umbrella for your monorepo
MIT License
884 stars 48 forks source link

bug(get-packages): vulnerability in globby dependency #106

Closed guahanweb closed 1 year ago

guahanweb commented 3 years ago

Closes #105

The current globby@^11.0.0 dependency has RegExp denial of service vulnerabilties

image

This PR bumps to the patched version of globby@^12.0.1.

changeset-bot[bot] commented 3 years ago

🦋 Changeset detected

Latest commit: 161fb542fb767b45a433da9d748a382f47ea516e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages | Name | Type | | --------------------- | ----- | | @manypkg/get-packages | Patch | | @manypkg/cli | Patch |

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

emmatown commented 1 year ago

Fixed by #136 (This PR wouldn't have fixed it because the issue was not because of @manypkg/get-packages)